CIA hackers found a way to break into smartphones and read – or listen – to messages instantly, before the communication might be secured by the apps transmitting them, as stated by the documents.
Downloads of encrypted messaging apps like Signal have rised since Donald Trump won the presidency in November. Intelligence specialists have linked the spike to general worry among activists, whistle-blowers, journalists and marginalized communities about how Trump could use the nation”s intelligence apparatus to aim for them.
On Tuesday, many took to social media to stress over the extent to which messaging apps that they believed secure may not be.


But Moxie Marlinspike, creator of Open Whisper Systems, said, the data show that Signal and apps like it are working, if anything.
“End-to-end encryption has pushed intelligence agencies from unfettered access to mass surveillance to a world where they have to use expensive, high-risk, targeted attacks against individuals to gain access to their information,” he said. “If you use these kinds of attacks on a massive scale, it increases the danger of detection. So to break into people’s phones and get access to encrypted messages, these agencies now have to be very selective. I think that’s a good thing.”
Because end-to-end encryption implies that only the people engaged in a conversation have the keys to unlock the scrambled message they are sharing, outsiders attempting to intercept the communication would be unable to understand it without having the key.
But in accordance with the leaked documents, the CIA appears to have bypassed this obstacle by hacking the phones used to send messages or make calls. Hackers who gain access to a device’s operating system can be able to record calls and messages instantly, as a person is speaking in their microphone or typing on their keyboard – before the message is actually sent.
“Once you have malware on an operating-system level, you can record keystrokes as they’re being typed,” said Jeremiah Grossman, SentinelOne’s chief of security strategy.
Security specialists advised that people continue to encrypt their communication and use apps like WhatsApp and Signal to do so.
“The worst thing that could happen is for users to lose faith in encryption-enabled tools and stop using them,” wrote Cindy Cohn, the executive director of the Electronic Frontier Foundation. “The dark side of this story is that the documents confirm the CIA keeps on to security vulnerabilities in software and devices ” including Android phones, iPhones and Samsung television – that millions of people round the world rely on.”
It was not directly clear how many zero-day vulnerabilities were revealed Tuesday, though WikiLeaks wrote in a news release accompanying the leak the data included 24 such vulnerabilities for Android devices alone. The data dump covered a detailed list of attacks the CIA had used to gain access to Android and Apple devices, including several mentions of malicious software the government appears to have purchased.
For years, technology companies have asked the government to provide details about zero days it discovers and vulnerabilities. Under the Obama administration, the White House issued a compromise known as the Vulnerabilities Equities Process, which asked intelligence agencies to disclose as many security vulnerabilities as possible unless there was a demonstrated public interest in keeping some quiet.
For being opaque and difficult to enforce, while allowing the government unchecked authority to decide when to keep information that will compromise millions of devices to itself, critics have long denounced the agreement.
The CIA cache published by WikiLeaks seems to validate these concerns, experts point to a need for greater information sharing between tech companies and government agencies, and said.
“If there’s a vulnerability in the wild and it’s not making it into the hands of the vendor so it can be resolved, something is broken,” Rice said. “This ultimately strains tech companies’ relationship with the U.S. government.”
To learn more about iphone spy take a look at our web page: read here